Hi all, On 3/31/06, Murad Talukdar <[EMAIL PROTECTED]> wrote: > Does anyone know if there is a public list available that has details of > sites which seek to exploit vulnerabilities in IE 6 etc? I read articles > where people say things like, "experts say that there are almost two hundred > websites which are exploiting the newly disclosed flaw...blah blah > (FUD?)..,"
I am not aware of any public lists containing these url's. But the number of sites I have personally seen is quite large. > Where do these people get these numbers from and where do they get the info > on the malicious sites from too? The numbers are often counts of unique url's seen from many different sources: Spam filtering, Honeyclients, The greater community... > On a related note--how many people have initiated a move away from IE to > Firefox/Opera etc in a corporate environment, <snip> Moving away? No. Providing an alternate browser as a backup? Sure. Having *any* other user friendly browser (firefox, opera, lynx ;) ) can provide an additional layer of security to your operations. Administrative overhead is of course the down-side to this equation - though there are deployment/maintenance/methods that may work depending on your configuration. This approach works for me and my organisation, your mileage may vary. > due to the perception(is it > JUST a perception or reality based?) that IE is less secure/more prone to > exploits? Is IE less secure? Hands up those who have performed a source code vulnerability analysis of BOTH Firefox and IE, and compared the resulting number of vulnerabilities in each... I haven't, so I can't comment. IE is the most commonly targeted web browser - but computer criminals are browser agnostic, they'll take whatever you give them. Firefox certainly isn't immune to vulnerabilities, and as Susan has pointed out - Firefox extensions can do just as much damage if you allow them indiscriminately In reality computer criminals are just given more IE (at the moment) and it is a simple business decision: Target the larger market - but keep an eye on the developing markets for opportunities. --------------------------------------------------------------------------- ---------------------------------------------------------------------------
